From “Don’t Use AI” to “If You Use It, Tell Us”
Many business owners worry that employees might be using generative AI without permission. In fact, one survey found that about 40% of employees use generative AI for work, yet over half of them don’t report it to their company (Source: ITmedia NEWS, “If You Use AI, Tell Us, Not ‘Don’t Use It,'” June 2025).
In response, many companies try to ban AI use at work. But this approach has a fundamental flaw. A ban doesn’t stop employees from using AI—it just drives usage underground, increasing the risk of unmonitored use.
This article proposes a new governance model for the agent AI era: a disclosure-based approach of “if you use it, tell us.” This isn’t about letting AI run wild, but about designing a system that makes AI use visible, assuming it will be used.
Why Bans Don’t Work
The Gap Between On-the-Ground Needs and Management’s Risk Perception
Generative AI is a powerful tool that dramatically boosts daily efficiency—drafting emails, summarizing meeting minutes, assisting with data analysis. For SMEs struggling with labor shortages, the productivity gains from AI are too significant to ignore.
However, management worries about risks like data leaks, misinformation, and copyright infringement. This gap creates a conflict: employees want to use AI, but management wants to ban it.
The key point is that bans can backfire. Even with a ban, employees may think, “It’s okay if I don’t get caught.” The result is AI being used in places management can’t see, outside any risk management framework. That’s the most dangerous scenario.
The Design Philosophy of “If You Use It, Tell Us”
Three Elements of a Disclosure Rule
The “if you use it, tell us” governance model consists of three elements:
1. Pre-use declaration of purpose
Employees declare in advance “which task,” “which AI tool,” and “for what purpose” they will use it. This gives management visibility into AI usage.
2. Post-use reporting of results
Establish a rule to share AI-generated outputs internally. For external-facing documents like customer communications or contracts, always include a human review process.
3. Clear definition of prohibitions
Instead of listing “what not to do,” clarify “what is allowed.” For example, specify concrete prohibitions like “do not input internal confidential information into AI” or “do not let AI learn from personal data.”
Why the “Disclosure Model” Is Ideal for SMEs
Balancing Resource Constraints and Speed
Few SMEs can afford a dedicated AI governance department like large corporations. That’s why a lightweight system based on “disclosure and sharing” rather than “monitoring and control” is effective.
Practical examples include:
・Holding a monthly AI usage report meeting
・Creating a “#AI-usage-report” channel on the company chat
・Compiling an AI usage FAQ on the internal wiki
These require no special system investment and can be implemented with existing communication tools. The key is fostering a culture of “share when you use it.”
Three Steps for Implementation
Step 1: Start with Understanding the Current Situation
First, conduct an anonymous survey asking employees “what AI tools are you currently using?” Instead of asking “are you using it or not,” ask “in what situations do you think AI could be helpful?” This draws out honest feedback from the field.
Step 2: Set Minimum Rules
Trying to create perfect rules takes too long. Start with just these three:
・If you use AI, share that fact within your team
・Don’t use AI output directly for external information
・Don’t input internal confidential information
These alone cover most risks.
Step 3: Improve Through Operation
Rules aren’t set in stone. If the field says “this rule makes work difficult,” review it. Governance isn’t fixed; it should evolve with business changes.
Common Failure Patterns
The Pendulum Swing from “Total Ban” to “Total Free-for-All”
Some companies start with strict bans, face strong pushback, and then completely lift all restrictions, saying “use it freely.” This is the most dangerous pattern.
The right approach is to strategically use the “gray zone” between ban and permission. Instead of dividing everything into black or white, create zones: “this is OK,” “this needs confirmation.”
Summary: Governance Is Not About Stopping, But About Harnessing
In the AI agent era, the role of governance isn’t to eliminate risk. The true purpose of governance is to maximize the benefits of AI while appropriately controlling risks.
The “if you use it, tell us” disclosure model fits the resource constraints of SMEs and respects on-the-ground autonomy. Why not start with a small step?
(Reference: ITmedia NEWS, “If You Use AI, Tell Us, Not ‘Don’t Use It’—Redesigning Governance for the Agent Era,” June 4, 2025)
Comments